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DETAILED ACTION 

This Action is in response to an Amendment filed IVIarch 30, 2005. Claims 1-29 are currently 
pending. Any rejection not set forth below has been overcome by the current Amendment. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-32,34 are rejected under 35 U.S.C. 103(a) as being unpatentable over Nessett et al. 
(US 5,968,1 76), and further in view of Reid et al. (US 6,1 82,226) in view of Vaidya (US 6,279,1 1 3). 

As per claim 1 , Nessett et al. disclose a network adapter system, as claimed, comprising: 

• a processor positioned on a network adapter coupled between a computer and a network 
(see column 1 1 , lines 26-31 , where network adapter is considered the NIC; computer is 
considered the end system, and the processor is inherent within the NIC for it to operate); 

• wherein the processor is adapted for content scanning of network traffic transmitted 
between the computer and the network (see column 1 1 , lines 54-62, where scanning is 
implied by filtering within a NIC to implement a multilayer firewall). 

Although the system disclosed by Nessett et al. shows substantial features of the claimed 
invention (discussed above), it fails to disclose virus scanning to scan for known types of malicious 
programs or data. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al., as evidenced by Reid et al. 

In an analogous art, Reid et al. disclose a system where a firewall maintains a set of regions 
restricting communication according to a set of policies (see Abstract). Further, teaching the firewall 
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containing a virus scanner region to scan for known type of nfialicious program or data (see Fig. 4, and 
column 8, lines 10-18). 

Given the teaching of Reid et al., a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. by employing a firewall capable of 
virus scanning to scan for known types of malicious programs or data, such as disclosed by Reid et al., in 
order to further improve the level of security provided by a firewall to prevent malicious attacks from 
incurring on a target system. 

Although the system disclosed by Nessett et al. in view of Reid et al. shows substantial features 
of the claimed invention (discussed above), it fails to disclose that the virus scanning utilizes virus 
signature files. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al., as evidenced by Vaidya. 

In an analogous art, Vaidya discloses an intrusion detection system where there are attack 
signature profiles to aid in monitoring network traffic. Further showing the intrusions being unauthorized 
manipulation of network data and attempted delivery of malicious data packets (see column 3, lines 12- 
26), 

Given the teaching of Vaidya, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. by scanning 
for virus signature files, such as disclosed by Vaidya, in order to accurately monitor for viruses, and 
distinguish between different types of attacks to address them accordingly. 

As per claim 2, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
processor is capable of being user-configured (see Nessett et al. column 16, lines 31-42). 

As per claim 3. Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
processor is capable of being user-configured locally (see Nessett et al. column 20, lines 62-67, where it 
is implied if there is a storage available at the node, the configuration data will be available to the node 
locally; and nodes are devices as described by Nessett et al. in column 8, 1-6) 
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As per claim 4, Nessett et aL in view of Reid et aL in view of Vaidya further disclose that the 
processor is capable of being user-configured remotely via a network connection with the network 
adapter (see Nessett et al. column 16, lines 31-42). 

As per claim 5, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
processor is capable of being user-configured only after the verification of a password (see Nessett et al. 
column 18, lines 11-19). 

As per claim 6, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
manner in which the scanning is performed is capable of being user-configured (see Nessett et al. column 
17, lines 9-21). 

As per claim 7, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
settings of the network adapter are capable of being user-configured (see Nessett et al. column 20, lines 
42-46, where the settings are considered the rules that are being configured in the node). 

As per claim 8, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
processor is capable of detemiining whether received packets are of interest (see Nessett et al. column 
23, lines 18-26). 

As per claim 9, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
packets of interest are based on an associated protocol (see Nessett et al. column 23, lines 18-26, where 
the associated protocol is considered protocols other than FTP in this case). 

As per claim 10, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
processor is capable of passing received packets that are not of interest to the computer (see Nessett et 
al. column 23, lines 18-26). 

As per claim 1 1 , Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
processor is capable of scanning received packets that are of interest (see Nessett et al. column 23, lines 
18-26, where scanning is implied from the ability to distinguish between the different protocols). 

As per claim 12, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
processor is capable of denying received packets that fail the scan (see Nessett et al. column 23, lines 
18-26). 
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As per claim 13, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
scan Is perfomied based on user settings (see Nessett et al. column 23, lines 43-57, where the user 
settings are determined by the user configured Multilayer Firewall Management Station). 

As per claim 30, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
content scanning enforces operational policies of an organization (see Nessett et al. column 17, lines 9- 
21). 

As per claim 31 , Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
policies include detecting entities selected from the group consisting of harassing content, pornographic 
content, junk e-mails, and misinformation (see Vaidya column 3, lines 12-26). 

As per claim 32, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that it would 
have been obvious to store the signature files on a non-volatile solid state memory on the network 
adapter since virus scanning is performed on the network adapter, it would be obvious that the signature 
files be located along with the virus scanner. 

As per claim 34, Nessett et al. in view of Reid et al. in view of Vaidya further disclose that the 
packets that are of interest include executable files (see Vaidya et al. column 11, lines 35-47). 

As per claim 14,27,28 Nessett et al. disclose a system for scanning network traffic on a network 
adapter, as claimed, comprising: 

• network adapter means for receiving packets (see column 23, lines 1 8-26); 

• processor means positioned on the network adapter means for content scanning of the 
packets (see column 23, lines 18-26); and 

• means for conditionally taking security measures if the packets fail the scan (see column 
23, lines 18-26). 

Although the system disclosed by Nessett et al. shows substantial features of the claimed 
invention (discussed above), it fails to disclose virus scanning to scan for known types of malicious 
programs or data. 
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Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et aL, as evidenced by Reid et al. 

In an analogous art, Reid et al. disclose a system where a firewall maintains a set of regions 
restricting communication according to a set of policies (see Abstract). Further, teaching the firewall 
containing a virus scanner region to scan for known type of malicious program or data (see Fig. 4, and 
column 8. lines 10-18). 

Given the teaching of Reid et al., a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. by employing a firewall capable of 
virus scanning to scan for known types of malicious programs or data, such as disclosed by Reid et al., in 
order to further improve the level of security provided by a firewall to prevent malicious attacks from 
incurring on a target system. 

Although the system disclosed by Nessett et al. in view of Reid et al. shows substantial features 
of the claimed invention (discussed above), it fails to disclose that the virus scanning utilizes virus 
signature files. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al., as evidenced by Vaidya. 

In an analogous art, Vaidya discloses an intrusion detection system where there are attack 
signature profiles to aid in monitoring network traffic. Further showing the intrusions being unauthorized 
manipulation of network data and attempted delivery of malicious data packets (see column 3, lines 12- 
26), 

Given the teaching of Vaidya, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. by scanning 
for virus signature files, such as disclosed by Vaidya, in order to accurately monitor for viruses, and 
distinguish between different types of attacks to address them accordingly. 

As per claims 15-26, see rejection for claims 2-13 above. 



As per claim 29, Nessett et al. disclose a network adapter system, as claimed, comprising: 
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• a processor positioned on a network adapter coupled between a computer and a 
network, the processor including a packet assembly module, random access memory, 
and a scanner module (see column 23, lines 18-26, where processor components 
claimed are inherent within the processor disclosed by Nessett et aL). 

• a user interface driver for identifying network traffic of interest transmitted between the 
computer and the network (see column 23, lines 18-26); 

• wherein the processor is adapted for discerning and content scanning of network traffic of 
interest transmitted between the computer and the network (see column 23, lines 18-26). 

Although the system disclosed by Nessett et al. shows substantial features of the claimed 
invention (discussed above), it fails to disclose virus scanning to scan for known types of malicious . 
programs or data. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et aL, as evidenced by Reid et al. 

In an analogous art, Reid et al. disclose a system where a firewall maintains a set of regions 
restricting communication according to a set of policies (see Abstract). Further, teaching the firewall 
containing a virus scanner region to scan for known type of malicious program or data (see Fig. 4, and 
column 8, lines 10-18). 

Given the teaching of Reid et al., a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. by employing a firewall capable of 
virus scanning to scan for known types of malicious programs or data, such as disclosed by Reid et al.. in 
order to further improve the level of security provided by a firewall to prevent malicious attacks from 
incurring on a target system. 

Although the system disclosed by Nessett et al. in view of Reid et al. shows substantial features 
of the claimed invention (discussed above), it fails to disclose that the virus scanning utilizes virus 
signature files. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al., as evidenced by Vaidya. 
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In an analogous art, Vaidya discloses an intrusion detection system where there are attack 
signature profiles to aid in monitoring network traffic. Further showing the intrusions being unauthorized 
manipulation of network data and attempted delivery of malicious data packets (see column 3. lines 12- 
26), 

Given the teaching of Vaidya, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. by scanning 
for virus signature files, such as disclosed by Vaidya, in order to accurately monitor for viruses, and 
distinguish between different types of attacks to address them accordingly. 

3. Claim 33 is rejected under 35 U.S.C. 103(a) as being unpatentable over Nessett et al. in view of 
Reid et al. in view of Vaidya as applied to claim 32 above, and further in view of Bonomo et al. (US 
6,658,562). 

Although the system disclosed by Nessett et al. in view of Reid et al. in view of Vaidya shows 
substantial features of the claimed invention (discussed above), it fails to disclose that memory is user 
protected by configuring a network adapter BIOS with a password that only a user can change. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Nessett et al. in view of Reid et al. in view of Vaidya. as 
evidenced by Bonomo. 

In an analogous art, Bonomo discloses a system for setting different BIOS configurations stored 
in a memory device (see Abstract). Further showing setting a password to view infomiation in a BIOS 
setup program or to change configuration (see column 4, lines 11-21 and 30-41). 

Given the teaching of Bonomo, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Nessett et al. in view of Reid et al. in view of 
Vaidya by employing a password protected BIOS, such as disclosed by Bonomo, in order to prevent 
unwanted users from changing settings without authorization. 
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Response to Arguments 

4. Applicant's arguments filed March 30, 2005 have been fully considered but they are not 
persuasive. 

(A) Applicant contends that Nessetfs disclosure of a firewall does not teach scanning for network 
traffic. 

In considering (A), the Examiner respectfully disagrees. In order to filter packets such as 
disclosed by Nessett. The firewall must implicitly scan packets to determine if they are blocked or allowed 
through. To filter packet traffic each packet must be looked at, which is interpreted as being scanned. 

Conclusion 

5. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of 
the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should • 
be directed to Philip J. Chea whose telephone number is 571-272-3951 . The examiner can nomnally be 
reached on M-F 7:00-4:30 (1st Friday Off). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Glenn Burgess can be reached on 571-272-3949. The fax phone number for the organization where this 
application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent Application 
Infomnation Retrieval (PAIR) system. Status infonmation for published applications may be obtained from 
either Private PAIR or Public PAIR. Status infonnation for unpublished applications is available through 
Private PAIR only. For more infonmation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-21 7-91 97 (toll-free). 
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